<?php
/***************************************************************************
 * 

 ***************************************************************************/
 
// Flag this request as an admin-area page.
// NOTE(review): presumably the included files test this constant - confirm.
define('InAdmin', 1);
// Identifier for this admin page; presumably read by the shared admin includes - TODO confirm.
$current_page = 'settings';
// The globals used further down ($include_path, $DBPrefix, $system, $template, $CHARSET)
// are not defined in this file, so they are expected to come from these includes.
include '../includes/common.inc.php';
include $include_path . 'functions_admin.php';
// NOTE(review): by its name this include is expected to enforce the admin login; nothing
// else in this file checks authentication. `include` only raises a warning when the file
// cannot be loaded and the script then carries on, so the handlers below would run without
// that check; `require`/`require_once` would fail closed - confirm and consider switching.
include 'loggedin.inc.php';



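/**
 * Build the "`column` = value, ..." assignment list used after SET in an
 * INSERT/UPDATE statement.
 *
 * Only plain decimal literals (optional leading minus, digits, optional
 * fractional part) are emitted unquoted. is_numeric() is deliberately not used
 * for that decision: it also accepts exponent notation, surrounding whitespace
 * and, on older PHP versions, hex strings, and all of those would reach the
 * statement without quoting or escaping. Everything else is escaped with
 * mysql_real_escape_string() and wrapped in single quotes.
 *
 * NOTE(review): mysql_real_escape_string() belongs to the legacy mysql
 * extension and depends on a connection opened elsewhere; prepared statements
 * (mysqli/PDO) would remove the need for this helper altogether.
 *
 * @param array $data Map of column name => value. Non-scalar values (arrays,
 *                    objects, null) are written as an empty string.
 * @return string Comma-separated assignment list; '' when $data is empty or
 *                not an array.
 */
function build_sql($data)
{
	if (!is_array($data))
	{
		return '';
	}

	$assignments = array();
	foreach ($data as $column => $value)
	{
		// Double any backtick so a column name cannot terminate its own quoting.
		$name = '`' . str_replace('`', '``', $column) . '`';

		// Arrays, objects and null have no literal form here.
		$text = is_scalar($value) ? (string) $value : '';

		if (preg_match('/\A-?\d+(?:\.\d+)?\z/', $text))
		{
			$assignments[] = $name . ' = ' . $text;
		}
		else
		{
			$assignments[] = $name . ' = \'' . mysql_real_escape_string($text) . '\'';
		}
	}
	return implode(', ', $assignments);
}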


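// Handle the two form submissions of this page: linking a new attribute to the
// category, and saving/deleting the existing links.
if (isset($_POST['action']))
{
	// NOTE(review): no anti-CSRF token is verified before these writes. State-changing
	// admin requests should check one with whatever helper the project provides (none is
	// visible in this file).

	// Every statement below is scoped by the category id, so normalise it once to an
	// integer and skip the writes when it is missing or not a scalar.
	$cat_id = (isset($_GET['catid']) && is_scalar($_GET['catid'])) ? intval($_GET['catid']) : null;

	// Link a new attribute to the category.
	if ($_POST['action'] == 'Add attribute' && $cat_id !== null
		&& isset($_POST['ATTR_ITEM']) && is_scalar($_POST['ATTR_ITEM']))
	{
		// An unticked checkbox is not submitted at all, so the flag has to default to 0
		// here; previously it was left undefined in that case.
		// NOTE(review): $_REQUEST also merges GET (and possibly cookie) data; reading
		// these fields from $_POST would be stricter - confirm the form posts them.
		$REQ_VAL = (isset($_REQUEST['NEW_REQUIRED']) && $_REQUEST['NEW_REQUIRED'] == 'on') ? 1 : 0;
		$INH_VAL = (isset($_REQUEST['NEW_INHERITABLE']) && $_REQUEST['NEW_INHERITABLE'] == 'on') ? 1 : 0;

		// Ids are forced to integers before they reach the statement builder.
		$data = array(
				'attr_id' => intval($_POST['ATTR_ITEM']),
				'cat_id' => $cat_id,
				'required' => $REQ_VAL,
				'inheritable' => $INH_VAL
		);

		$data = build_sql($data);
		$query = "INSERT INTO " . $DBPrefix . "cat_attr SET " . $data;
		$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
	}

	if ($_POST['action'] == 'Submit changes')
	{
		// Remove the links ticked for deletion. The submitted ids are request data, so
		// each one is cast to an integer before it is placed in the IN (...) list.
		if (isset($_POST['TODEL']) && is_array($_POST['TODEL']))
		{
			$delete_ids = array();
			foreach ($_POST['TODEL'] as $raw_id)
			{
				if (is_scalar($raw_id))
				{
					$delete_ids[] = intval($raw_id);
				}
			}

			// An empty IN () list is a syntax error, so skip the query entirely.
			if (count($delete_ids) > 0)
			{
				// NOTE(review): this DELETE is not restricted to the current cat_id, unlike
				// the UPDATE below, so it removes the attribute from every category -
				// confirm that is intended.
				$query = "DELETE FROM " . $DBPrefix . "cat_attr WHERE attr_id IN (" . implode(',', $delete_ids) . ")";
				$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
			}
		}

		// Save the required/inheritable flags of every listed attribute.
		if ($cat_id !== null && isset($_POST['ATTR_ID_ARR']) && is_array($_POST['ATTR_ID_ARR']))
		{
			foreach ($_POST['ATTR_ID_ARR'] as $k)
			{
				if (!is_scalar($k))
				{
					continue;
				}

				// The flag arrays are keyed by the submitted id; a ticked box is present,
				// an unticked one is absent.
				$REQ_VAL = isset($_REQUEST['REQUIRED'][$k]) ? 1 : 0;
				$INH_VAL = isset($_REQUEST['INHERITABLE'][$k]) ? 1 : 0;

				// The id comes from the request and is interpolated unquoted, so it must
				// be an integer.
				$query = "UPDATE " . $DBPrefix . "cat_attr SET required = " . $REQ_VAL . ", inheritable = " . $INH_VAL .
				         " WHERE cat_id = " . $cat_id . " AND attr_id = " . intval($k);
				$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
			}
		}
	}
}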



// Render the attribute editor for the category named in the query string.
if (isset($_GET['catid']))
{
	// Attributes already linked to this category. The two CASE columns come back as a
	// ready-made checked="checked" attribute (or an empty string) for the checkboxes.
	$query = "SELECT (CASE WHEN required THEN 'checked=\"checked\"' ELSE '' END) as required1,
			         (CASE WHEN inheritable THEN 'checked=\"checked\"' ELSE '' END) as inheritable1, ID, Name
				FROM " . $DBPrefix . "attr_dict dic, " . $DBPrefix . "cat_attr ca
			   WHERE ca.cat_id = " . (int) $_GET['catid'] . " AND ca.attr_id = dic.id";

	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);

	// Starts with -1 so the NOT IN (...) list further down is never empty.
	$linked_ids = array('-1');
	while ($attr = mysql_fetch_assoc($res))
	{
		$linked_ids[] = $attr['ID'];

		$row_vars = array(
			'ATTR_ID' => $attr['ID'],
			'ATTR_NAME' => $system->uncleanvars($attr['Name']),
			'ATTR_REQUIRED' => $attr['required1'],
			'ATTR_INHERITABLE' => $attr['inheritable1']
		);
		$template->assign_block_vars('attrs', $row_vars);
	}
	$atr_ids = implode(',', $linked_ids);

	// Attributes not linked yet; they fill the "add attribute" drop-down.
	$query = "SELECT ID, Name
				FROM " . $DBPrefix . "attr_dict
			   WHERE ID NOT IN (". $atr_ids . ")";

	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);

	// NOTE(review): Name is written into the markup exactly as stored, while the list
	// above passes the same column through $system->uncleanvars(), whose behaviour is not
	// visible here. Confirm the stored form is already HTML-safe; otherwise encode it for
	// HTML when it is output.
	$options = '';
	while ($attr = mysql_fetch_assoc($res))
	{
		$options .= '   <option value="' . $attr['ID'] . '">' . $attr['Name'] . '</option>' . "\n";
	}
	$Attributes = '<select name="ATTR_ITEM">' . "\n" . $options . '</select>';

	$template->assign_var('ATTRIBUTES_LIST', $Attributes);
	$template->assign_var('CHARSET', $CHARSET);
}



// Register the page template under the 'body' handle and output it.
$page_templates = array('body' => 'cat_attr.tpl');
$template->set_filenames($page_templates);
$template->display('body');



?>